[Hidden-tech] Separate lan for company laptop

[Jan Werner]

A guest network will separate the work laptop from your home network, but you should also 
protect yourself against the the possibility of sniffing or snooping since you have no 
idea what is installed on the foreign computer.

Two essential steps, which anyone who has a home WiFi network should take anyway, are to 
change the router login name and password from their defaults, and to use a strong 
password to encrypt your main network. A strong encryption password does not need some 
random combination of characters, but it needs to be long -- think 24 characters or more.

I work from home and have both work and guest networks running on 2 ASUS routers (the 
second router is configured as a media bridge for entertainment). The home network uses a 
36 character phrase which is easy for me to remember, but would be impossible for anyone 
else to guess or brute-force crack.

The guest network, which I make available to visitors and use for IOT devices like a 
WiFi-enabled thermostat, has a simple 8-character password. The primary router also lets 
me restrict the guest network to the 2.4Ghz band, preventing guest devices from accessing 
the entertainment sub-net connected to the main net through a dedicated 5Ghz channel.

Jan Werner
_____________


Aaron E-J via Hidden-discuss wrote:
> Most routers have the ability to set up a guest network (I know that Netgear does and I 
> think that other companies have similar things).  If you login to the router, look for 
> something that has 'guest' or 'subnet" in its name, enable it and uncheck "Allow guest to 
> access My Local Network" (at least that is what you do on Netgear).  I would keep a 
> firewall in place though, because the firewall is mainly preventing malicious incoming 
> traffic from getting in.  There isn't much that you can do to prevent them from knowing 
> that things are coming from the same place unless you set up a VPN but placing your work 
> computer in a different subnet will allow you to share files in your personal network 
> without risking it being seen by your employer.
> 
> Aaron E-J
> The Other Realm LLC
> http://otherrealm.org
> http://theotherrealm.org  (Blog)
> 
> On 2019-03-02 5:46 PM, Andy Klapper via Hidden-discuss wrote:
>>
>> I’ve spent a lot of time working remotely for various companies but I just got a new job 
>> where I am being issued a company laptop (in the past I’ve been a consultant and 
>> provided my own hardware).  Because this is company hardware they can put anything they 
>> want on the laptop and I not only have zero say on it but they don’t even have to tell 
>> me what they put on the laptop.  I would like to structure my home network so that this 
>> laptop sits outside of the firewall that surrounds my home network.  How do I go about 
>> doing that?  Is it as simple as putting a small inexpensive router between my cable 
>> modem and my primary house router?  Do I need to do more to secure my home network from 
>> my foreign hardware?
>>
>> Thanks,
>>
>> Andy.
>>
>> Andy Klapper
>>
>> Asgard Technology Group, LLC
>>
>> Making Complex Software Simple
>>
>> AndyTK at Asgard-Tech.com <mailto:AndyTK at Asgard-Tech.com>
>>
>> (860) 805-1189 (cell)
>>
>>
>> _______________________________________________
>> Hidden-discuss mailing list - home page:http://www.hidden-tech.net
>> Hidden-discuss at lists.hidden-tech.net
>>
>> You are receiving this because you are on the Hidden-Tech Discussion list.
>> If you would like to change your list preferences, Go to the Members
>> page on the Hidden Tech Web site.
>> http://www.hidden-tech.net/members
> 
> 
> 
> _______________________________________________
> Hidden-discuss mailing list - home page: http://www.hidden-tech.net
> Hidden-discuss at lists.hidden-tech.net
> 
> You are receiving this because you are on the Hidden-Tech Discussion list.
> If you would like to change your list preferences, Go to the Members
> page on the Hidden Tech Web site.
> http://www.hidden-tech.net/members
>